SSL decryption does not generate the beginning type correctly

Posted on 2025-02-01 22:32:06

My context is that I am using the JWT token flow to connect to SF in a Bitbucket pipeline.
I have been able to correctly generate a certificate and key etc. as required. I tested the key and it is working fine. The next step was to add security, and I did not want to store my key in the project, so I encrypted the key like this:

openssl enc -nosalt -aes-256-cbc -in server.key -out server.key.enc -base64 -K <key-value> -iv <iv-value>

Now I am storing the encrypted server.key.enc file in my project, and I stored the key and IV values as protected Bitbucket variables (DECRYPTION_KEY and DECRYPTION_IV).

Now, before logging in to the org, I need to decrypt server.key.enc to server.key so that I can use this file to log in, but when doing so using the following command, it does not work properly:

openssl enc -nosalt -aes-256-cbc -d -in key/server.key.enc -out key/server.key -base64 -K $DECRYPTION_KEY -iv $DECRYPTION_IV

The server.key file has only the header malformed, but the footer is well generated.

EXPECTED:

-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----

GOT:

-��}�5��n�S�*��RIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----

Thus my pipeline finishes with the following error:
ERROR running auth:jwt:grant: We encountered a JSON web token error, which is likely not an issue with Salesforce CLI. Here’s the error: error:0909006C:PEM routines:get_name:no start line

It seems like I am missing a small parameter somewhere, but I could not locate where.

Comments (1)

感情洁癖 2025-02-08 22:32:06

As suggested by Topaco, I tried another simpler way to encrypt and decrypt:

Encrypt:

openssl aes-256-cbc -a -salt -pbkdf2 -in server.key -out server.key.enc -k <password>

Decrypt:

openssl aes-256-cbc -d -a -pbkdf2 -in server.key.enc -out server.key -k <password>

As mentioned here: How to use OpenSSL to encrypt/decrypt files?

And it works better.
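
The output shown in the question (exactly the first 16 bytes, `-----BEGIN RSA P`, garbled, the rest intact, no OpenSSL error) is what AES-CBC decryption produces when the key matches but the IV passed to `-d` differs from the one used to encrypt. The script below is an added example, not code from the original posts: it reproduces that with the question's own `openssl enc` options. The key, IVs and PEM-shaped sample file are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: PEM-shaped text, NOT a real private key.
make_sample() {
  {
    echo "-----BEGIN RSA PRIVATE KEY-----"
    echo "CONSTRUCTED-SAMPLE-BODY-NOT-A-REAL-KEY"
    echo "-----END RSA PRIVATE KEY-----"
  } > "$1"
}

# Constructed values: 32-byte key, two 16-byte IVs that differ in every byte.
KEY=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
IV_GOOD=000102030405060708090a0b0c0d0e0f
IV_BAD=ffffffffffffffffffffffffffffffff

# Encrypt with IV_GOOD, decrypt with the IV given as $1, then print
# "<number of differing bytes> <highest differing byte offset>"
# comparing the decrypted file with the original.
roundtrip_diff() {
  dir=$(mktemp -d) || return 1
  make_sample "$dir/server.key"
  openssl enc -nosalt -aes-256-cbc -in "$dir/server.key" \
    -out "$dir/server.key.enc" -base64 -K "$KEY" -iv "$IV_GOOD" || return 1
  openssl enc -nosalt -aes-256-cbc -d -in "$dir/server.key.enc" \
    -out "$dir/out.key" -base64 -K "$KEY" -iv "$1" || return 1
  { cmp -l "$dir/server.key" "$dir/out.key" || true; } |
    awk '{n++; last=$1} END {print n+0, last+0}'
  rm -rf "$dir"
}

# Pipeline guard: succeed only if line 1 is a PEM private-key start line.
has_pem_start_line() {
  head -n 1 "$1" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$'
}

roundtrip_diff "$IV_GOOD"   # matching IV: prints "0 0"
roundtrip_diff "$IV_BAD"    # wrong IV, right key: prints "16 16"
```

Running `has_pem_start_line key/server.key` right after the decrypt step makes a mismatched key or IV value fail the build there, instead of surfacing later as `no start line` from the login command.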
